{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-28777", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2024-03-10T12:23:11.490Z", "datePublished": "2025-02-19T16:04:19.920Z", "dateUpdated": "2025-02-19T16:24:01.383Z"}, "containers": {"cna": {"affected": [{"cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cognos_controller:*:*:*:*:*:*:*:*", "versionEndIncluding": "11.0.1:update_pack_3", "versionStartIncluding": "11.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "defaultStatus": "unaffected", "product": "Cognos Controller", "vendor": "IBM", "versions": [{"changes": [{"at": "FP3", "status": "affected"}], "lessThanOrEqual": "11.0.1", "status": "affected", "version": "11.0.0", "versionType": "semver"}]}, {"cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:controller:11.1.0:*:*:*:*:*:*:*", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "defaultStatus": "unaffected", "product": "Controller", "vendor": "IBM", "versions": [{"status": "affected", "version": "11.1.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 \n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">is vulnerable to unrestricted deserialization. This vulnerability allows users to execute arbitrary code, escalate privileges, or cause denial of service attacks by exploiting the unrestricted deserialization of types in the application.</span>\n\n</span>\n\n\n\n\n\n\n\n</span>"}], "value": "IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 \n\n\n\nis vulnerable to unrestricted deserialization. This vulnerability allows users to execute arbitrary code, escalate privileges, or cause denial of service attacks by exploiting the unrestricted deserialization of types in the application."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-02-19T16:04:19.920Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7183597"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Cognos Controller code execution", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-19T16:23:49.279960Z", "id": "CVE-2024-28777", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-19T16:24:01.383Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-28777", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-19T16:23:49.279960Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-19T16:23:57.626Z"}}], "cna": {"title": "IBM Cognos Controller code execution", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "IBM", "product": "Cognos Controller", "versions": [{"status": "affected", "changes": [{"at": "FP3", "status": "affected"}], "version": "11.0.0", "versionType": "semver", "lessThanOrEqual": "11.0.1"}], "defaultStatus": "unaffected", "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cognos_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "11.0.1:update_pack_3", "versionStartIncluding": "11.0.0"}], "operator": "OR"}]}]}, {"vendor": "IBM", "product": "Controller", "versions": [{"status": "affected", "version": "11.1.0"}], "defaultStatus": "unaffected", "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:controller:11.1.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7183597", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 \n\n\n\nis vulnerable to unrestricted deserialization. This vulnerability allows users to execute arbitrary code, escalate privileges, or cause denial of service attacks by exploiting the unrestricted deserialization of types in the application.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 \n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">is vulnerable to unrestricted deserialization. This vulnerability allows users to execute arbitrary code, escalate privileges, or cause denial of service attacks by exploiting the unrestricted deserialization of types in the application.</span>\n\n</span>\n\n\n\n\n\n\n\n</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-02-19T16:04:19.920Z"}}}, "cveMetadata": {"cveId": "CVE-2024-28777", "state": "PUBLISHED", "dateUpdated": "2025-02-19T16:24:01.383Z", "dateReserved": "2024-03-10T12:23:11.490Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-02-19T16:04:19.920Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 \n\n\n\nis vulnerable to unrestricted deserialization. This vulnerability allows users to execute arbitrary code, escalate privileges, or cause denial of service attacks by exploiting the unrestricted deserialization of types in the application."}], "id": "CVE-2024-28777", "lastModified": "2025-02-19T16:15:39.363", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2025-02-19T16:15:39.363", "references": [{"source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/7183597"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}